if (!silc_pkcs_public_key_decode(payload->pk_data, payload->pk_len,
&public_key)) {
status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY;
+ SILC_LOG_ERROR(("Unsupported/malformed public key received"));
if (ske->callbacks->proto_continue)
ske->callbacks->proto_continue(ske, ske->callbacks->context);
return;
silc_pkcs_public_key_set(ske->prop->pkcs, public_key);
if (silc_pkcs_verify(ske->prop->pkcs, payload->sign_data,
payload->sign_len, hash, hash_len) == FALSE) {
-
- SILC_LOG_DEBUG(("Signature don't match"));
+ SILC_LOG_ERROR(("Signature verification failed, incorrect signature"));
status = SILC_SKE_STATUS_INCORRECT_SIGNATURE;
goto err;
}
recv_payload->pk_len,
&public_key)) {
ske->status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY;
+ SILC_LOG_ERROR(("Unsupported/malformed public key received"));
if (ske->callbacks->proto_continue)
ske->callbacks->proto_continue(ske, ske->callbacks->context);
return;
silc_pkcs_public_key_set(ske->prop->pkcs, public_key);
if (silc_pkcs_verify(ske->prop->pkcs, recv_payload->sign_data,
recv_payload->sign_len, hash, hash_len) == FALSE) {
-
- SILC_LOG_DEBUG(("Signature don't match"));
-
+ SILC_LOG_ERROR(("Signature verification failed, incorrect signature"));
ske->status = SILC_SKE_STATUS_INCORRECT_SIGNATURE;
if (ske->callbacks->proto_continue)
ske->callbacks->proto_continue(ske, ske->callbacks->context);
SILC_LOG_DEBUG(("We are doing mutual authentication"));
if (!recv_payload->pk_data && ske->callbacks->verify_key) {
- SILC_LOG_DEBUG(("Remote end did not send its public key (or "
+ SILC_LOG_ERROR(("Remote end did not send its public key (or "
"certificate), even though we require it"));
ske->status = SILC_SKE_STATUS_PUBLIC_KEY_NOT_PROVIDED;
return status;
SILC_LOG_DEBUG(("Creating random number"));
/* Get the random number as string */
- string = silc_rng_get_rn_data(ske->rng, (len / 8));
+ string = silc_rng_get_rn_data(ske->rng, ((len - 1) / 8));
if (!string)
return SILC_SKE_STATUS_OUT_OF_MEMORY;
/* Decode the string into a MP integer */
- silc_mp_bin2mp(string, (len / 8), rnd);
+ silc_mp_bin2mp(string, ((len - 1) / 8), rnd);
silc_mp_mod_2exp(rnd, rnd, len);
/* Checks */
if (silc_mp_cmp_ui(rnd, 1) < 0)
status = SILC_SKE_STATUS_ERROR;
-
if (silc_mp_cmp(rnd, n) >= 0)
status = SILC_SKE_STATUS_ERROR;
memset(k2, 0, sizeof(k2));
memset(k3, 0, sizeof(k3));
silc_free(dtmp);
+ silc_buffer_clear(dist);
silc_buffer_free(dist);
} else {
/* Take normal hash as key */
memset(k2, 0, sizeof(k2));
memset(k3, 0, sizeof(k3));
silc_free(dtmp);
+ silc_buffer_clear(dist);
silc_buffer_free(dist);
} else {
/* Take normal hash as key */
key->hmac_key_len = req_hmac_key_len;
memset(hashd, 0, sizeof(hashd));
+ silc_buffer_clear(buf);
silc_buffer_free(buf);
return SILC_SKE_STATUS_OK;
memset(tmpbuf, 0, klen);
silc_free(tmpbuf);
+ silc_buffer_clear(buf);
silc_buffer_free(buf);
return status;